package com.rymcu.forest.util;

import com.rymcu.forest.auth.JwtAuthenticationToken;
import com.rymcu.forest.dto.TokenUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Spring Security 工具类
 *
 * @author ronger
 */
public class SecurityUtils {

    /**
     * 获取当前认证的用户
     *
     * @return Authentication
     */
    public static Authentication getCurrentAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * 获取当前用户ID
     *
     * @return 用户ID
     */
    public static Long getCurrentUserId() {
        Authentication authentication = getCurrentAuthentication();
        if (authentication instanceof JwtAuthenticationToken) {
            return ((JwtAuthenticationToken) authentication).getUserId();
        }
        return null;
    }

    /**
     * 获取当前用户名
     *
     * @return 用户名
     */
    public static String getCurrentUsername() {
        Authentication authentication = getCurrentAuthentication();
        if (authentication == null) {
            return null;
        }

        if (authentication instanceof JwtAuthenticationToken) {
            return ((JwtAuthenticationToken) authentication).getAccount();
        }

        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }

        return principal.toString();
    }

    /**
     * 获取当前TokenUser
     *
     * @return TokenUser
     */
    public static TokenUser getCurrentTokenUser() {
        Authentication authentication = getCurrentAuthentication();
        if (authentication instanceof JwtAuthenticationToken) {
            return ((JwtAuthenticationToken) authentication).getTokenUser();
        }
        return null;
    }

    /**
     * 获取当前JWT Token
     *
     * @return JWT Token
     */
    public static String getCurrentToken() {
        Authentication authentication = getCurrentAuthentication();
        if (authentication instanceof JwtAuthenticationToken) {
            return ((JwtAuthenticationToken) authentication).getToken();
        }
        return null;
    }

    /**
     * 检查当前用户是否已认证
     *
     * @return 是否已认证
     */
    public static boolean isAuthenticated() {
        Authentication authentication = getCurrentAuthentication();
        return authentication != null && authentication.isAuthenticated();
    }

    /**
     * 检查当前用户是否具有指定角色
     *
     * @param role 角色
     * @return 是否具有角色
     */
    public static boolean hasRole(String role) {
        Authentication authentication = getCurrentAuthentication();
        return authentication != null && authentication.getAuthorities().stream()
                .anyMatch(authority -> authority.getAuthority().equals("ROLE_" + role));
    }

    /**
     * 检查当前用户是否具有指定权限
     *
     * @param permission 权限
     * @return 是否具有权限
     */
    public static boolean hasPermission(String permission) {
        Authentication authentication = getCurrentAuthentication();
        return authentication != null && authentication.getAuthorities().stream()
                .anyMatch(authority -> authority.getAuthority().equals(permission));
    }

    /**
     * 检查当前用户是否为管理员
     *
     * @return 是否为管理员
     */
    public static boolean isAdmin() {
        return hasRole("admin");
    }

    /**
     * 清除当前用户的认证信息
     */
    public static void clearAuthentication() {
        SecurityContextHolder.clearContext();
    }
}